Business Blogging: Security Threat or Blessing

The Internet has spawned a world of people intent on self-expression. For some business executives, the phenomenon may sometimes be bewildering. What are its implications for businesses?

Self-expression began with websites and e-mail and morphed into:

• blogs (journal-style diaries and commentaries, usually on one topic or a family of topics, accessible over the Internet);
• podcasts (one person Internet radio stations);
• vodcasts (one-person Internet TV broadcasts);
• phoblogs (blogs shared among amateur photographers); and
• FOAF (friend-of-a-friend) online networks that crunch together blogs, discussion groups and dating sites.

And, of course, there has been enhancement of the search engines and “RSS” (really simple syndication) aggregators that allow millions of users to find, track and search content from all the above.

Other than sending gigabytes of electronic noise off into space, what is the significance of this explosion of self-expression to business managers and executives? The answer is not simple.

Blogging is everywhere and workers and employees (especially those under 40) may be up to their necks in it, possibly blogging about managers or the company. Company-sponsored blogs can be a clever marketing device to “spread the word” about a company’s products or its recruitment needs. Indeed, they are inexpensive to deploy and easy to use by employees at any level. Blogs get the highest search engine optimization among sites like Google, so if you are blogging well, your company will quickly see the results in increased traffic to your blogs.

But with reference to blogging, there can be a downside for companies. Blogging was listed for the first time in IBM’s latest Global Business Security Index Report as one of the top security threats to businesses in 2006 because of the increased risk of leakage of confidential business data. There are already several lawsuits in the U.S. involving such claims, including an action by a large computer manufacturer for proprietary company information it says was leaked on several blogs before the product was officially released.

Some businesses in Canada may not be fully prepared for the impact of blogging. Some business managers may not realize that blogs can expose a company to significant legal and business risk, beyond leaks of proprietary information. There is appropriately rising concern about the legal risks associated with employee posts to company-sponsored blogs, since, unlike other forms of employee communication, blog posts are available around the world in a matter of seconds through search engines and RSS feeds.

In short, business owners and executives may need to consider some of the legal risks associated with company-sponsored blogs and precautions that can be taken to minimize those risks. Here are some potential hazards:

• Defamatory Statements: Employees may make defamatory statements (intentionally or unintentionally) on a company blog about a third party, exposing the company to liability.
• Disclosure of Trade Secrets: Employees who blog on company-sponsored blogs may inadvertently disclose or share company trade secrets or disclose the secrets of third parties in partnership with your company.
• Disclosure of Business Information: Business plans, marketing initiatives, financial information or other confidential information of your company may be posted by employees to a blog, possibly causing significant and irreparable damage.
• Disclosure of Personal Information: Because company blogs are intended to be informative and insightful and also informal, employees may inadvertently post private information about other employees or third parties. The company may be liable for failing to protect the privacy of the information.
• Infringement of Intellectual Property: Blog posts often include links to other sites or blogs. Without realizing it, employees may infringe a trademark in a blog post or may upload material protected by copyright, exposing the company to liability for infringement.
• Disclosure of Public Company Information: Public companies face greater legal risks than private companies because of securities disclosure rules. Employees may make material misrepresentations on company blogs that could result in serious sanctions against the company by securities regulators or attract civil liability.

To help deal with those possibilities, here are some suggestions:

• Business Blogging Policy: Every business should prepare a written blog policy that sets out what can and cannot be included on company-sponsored blogs. The policy should make it clear that employees should refrain from posting inappropriate information to a blog or make defamatory, harassing or other derogatory comments about the company, its employees or others. For public companies, the policy should include examples of the type of information that should not be posted to a company blog. Employees should be required to review and sign the policy.
• Blog Training: Your company should provide education and training sessions to its employees on the blog policy.
• Blog Monitoring: Without attempting to become Big Brother, you should monitor your company blogs regularly to ensure the content complies with the company blog policy and also to ensure compliance with privacy laws and securities regulations in the case of a public company. Companies may need to find a balance between protecting themselves and encouraging employees to continue blogging.
• Blog Disclaimers: Finally, you should ensure that company-sponsored blogs written by employees contain appropriate disclaimers that limit the company’s liability for statements made by the employee and other potential claims arising from posts to the blog.

Blogging isn’t likely to go away soon, and probably shouldn’t. And so, companies should resolve to work with it to protect their interests and tap its benefits.


Ed.: The writer’s article containing similar content was previously published in CIO Canada.


Christine Mingie is an associate in the Business Law Group in Vancouver. Contact her directly at 604-691-7472 or cmingie@lmls.com

This article appeared in InBrief Winter 2006.  To subscribe to this publication, visit our Publications Request page.